lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20170609091855.GA15474@kroah.com>
Date:   Fri, 9 Jun 2017 11:18:55 +0200
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     Al Viro <viro@...IV.linux.org.uk>
Cc:     Adam Borowski <kilobyte@...band.pl>, Jiri Slaby <jslaby@...e.com>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH 0/5] vt: get rid of worst cases of __put_user/__get_user

On Mon, Jun 05, 2017 at 07:13:50AM +0100, Al Viro wrote:
> On Sun, Jun 04, 2017 at 12:42:52AM +0900, Greg Kroah-Hartman wrote:
> > On Sat, Jun 03, 2017 at 09:32:55AM +0200, Adam Borowski wrote:
> > > Hi!
> > > In a recent discussion, Linus and Al Viro said quite a bit of expletives
> > > about __put_user() and __get_user(), that it's a bad interface that's
> > > almost always the wrong thing to use:
> > > https://marc.info/?l=linux-kernel&m=149463725626316&w=2
> > > https://marc.info/?l=linux-kernel&m=149465866929092&w=2
> > > 
> > > Here's a few patches applying the lessons from that discussion to vt.
> > > None of the uses is performance-critical, but at least we get a nice bit
> > > of code simplification.  And, it's a start of manual review + conversion
> > > that Al Viro wants.
> > 
> > Ah, nice work, at first glance these all look good to me.  I'll queue
> > them up on Monday.
> 
> Could you put that into a separate no-rebase branch?  Or I could do that
> in vfs.git, for that matter...

Yes, here's a tag/branch for you to pull from that will not go away
until 4.13-rc1.


The following changes since commit 3c2993b8c6143d8a5793746a54eba8f86f95240f:

  Linux 4.12-rc4 (2017-06-04 16:47:43 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git/ tags/vt_copy_cleanup_tag

for you to fetch changes up to f8564c93e0907651e21d586920e629227bb0d024:

  vt: drop access_ok() calls in unimap ioctls (2017-06-09 11:07:36 +0200)

----------------------------------------------------------------
vt: copy/from_to cleanup for vt code for Al to pull from.

Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>

----------------------------------------------------------------
Adam Borowski (5):
      vt: use copy_from/to_user instead of __get/put_user for scrnmap ioctls
      vt: fix unchecked __put_user() in tioclinux ioctls
      vt: use copy_to_user instead of __put_user in GIO_UNIMAP ioctl
      vt: use memdup_user in PIO_UNIMAP ioctl
      vt: drop access_ok() calls in unimap ioctls

 drivers/tty/vt/consolemap.c | 56 +++++++++++++--------------------------------
 drivers/tty/vt/vt.c         |  6 ++---
 drivers/tty/vt/vt_ioctl.c   |  8 -------
 3 files changed, 19 insertions(+), 51 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ